Colonial Pipeline attack jumpstarts additional decisions
The impact of the Colonial Pipeline network breach will reach well beyond temporary fuel shortages. Because the breach highlighted vulnerabilities within critical infrastructure networks, new rules will be set in place to protect them from additional attacks. This, in turn, will signal how future cybersecurity policies will be shaped in industries abroad.
In the short term, the Department of Homeland Security, specifically the Transportation sector, will set up some base regulations to help with curtailing future cyberattacks against infrastructure. Primarily, the initial directives will encompass setting up transparency rules for information purposes.
One of the barriers gumming up good cybersecurity defense and response is a lack of specificity post-attack. Companies are often unwilling to distribute information about an attack, usually to “play down” the actual damage. But when only sparse details are discussed, IT teams and officials cannot fully study the anatomy of an attack, which in turn weakens the response and continues the cycle of dangerous future attacks.
Since cyberattacks are shifting toward serious infrastructure, robust efficiency and transparency are important.
The action will come with requirements and guidelines. Previously, guidelines set in place by CISA and the FBI were voluntary. However, given the success of major cyberattacks, mandatory policies will be introduced. While the rules will target the pipeline industry, it’s safe to assume we’ll see major rule changes and policy shifts in the near future.
What to expect
One of the primary reasons for the attack’s success was security, or the lack of it. Most security and safety assurance for pipelines has focused on the physical aspect, to maintain the flow of gas and petrol. But that focus is a relic from the post-9/11 days, in dire need of a retrofit for the modern era and modern attacks. The TSA, responsible for pipeline security, only saw cybersecurity rules in place in 2010.
Considering Colonial Pipeline was forced to pay a $4 million ransom, it’s safe to assume the policies are ineffective.
Therefore, the first step is transparency and comprehensive reports following a cyberattack. Understanding how it happened plays a significant role in providing better future defense. For example, phishing and social engineering are often the culprits behind breached cyber defenses, so it stands to reason to train for them.
Moreover, this highlights additional problems with other utilities. Other critical infrastructure, like weather systems, dams, and waste, does not have cyber standards. You can imagine the havoc caused by losing those to a cybersecurity outage, which is why the precedent for improved standards is so critical.
Beyond transparency requirements, the regulatory action will require designated industries to have an appointed chief cybersecurity/information officer. The responsibilities of said officer will vary, but typically involve overseeing policy. Additionally, said officer can (and will) report or communicate an attack to the FBI and CISA. Both organizations are preparing to offer 24/7 support to those impacted by a cybersecurity event.
Having access to both CISA and the FBI will permit organizations to access important guideline information: in other words, instructions on how to improve their systems in a policy-based manner. Financial penalties will apply to organizations that fail to apply these policies and rule sets.
While these rules target infrastructure, it’s easy to assume they’ll apply to any business relying on online models for work. Some of the guidelines and policies you may already follow, such as monitoring remote networks for unusual activity/breaches. But regardless, paying attention to the rules set in place now and introducing them to your cyber environment can help you get ahead of the curve.
Preparing for increased transparency rules is a big part of future cybersecurity efforts. That means creating digestible reports which highlight important data points about breaches in a legible manner.
Doing so, however, can prove challenging, and even the most well-meaning enterprise can run into roadblocks. If you need help, it might be time to consider a managed service provider for assistance.